CVE-2022-22687
- EPSS 5.61%
- Veröffentlicht 25.03.2022 07:15:07
- Zuletzt bearbeitet 14.01.2025 19:29:55
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-27649
- EPSS 1.46%
- Veröffentlicht 23.06.2021 10:15:08
- Zuletzt bearbeitet 14.01.2025 19:29:55
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-29084
- EPSS 0.31%
- Veröffentlicht 23.06.2021 10:15:08
- Zuletzt bearbeitet 14.01.2025 19:29:55
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to rea...
CVE-2021-29085
- EPSS 0.28%
- Veröffentlicht 23.06.2021 10:15:08
- Zuletzt bearbeitet 14.01.2025 19:29:55
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary...
CVE-2021-29086
- EPSS 0.2%
- Veröffentlicht 23.06.2021 10:15:08
- Zuletzt bearbeitet 14.01.2025 19:29:55
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-29087
- EPSS 0.23%
- Veröffentlicht 23.06.2021 10:15:08
- Zuletzt bearbeitet 14.01.2025 19:29:55
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2021-26562
- EPSS 1.39%
- Veröffentlicht 26.02.2021 22:15:20
- Zuletzt bearbeitet 14.01.2025 19:29:55
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.
CVE-2021-26563
- EPSS 0.12%
- Veröffentlicht 26.02.2021 22:15:20
- Zuletzt bearbeitet 14.01.2025 19:29:55
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-26564
- EPSS 0.16%
- Veröffentlicht 26.02.2021 22:15:20
- Zuletzt bearbeitet 14.01.2025 19:29:55
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
CVE-2021-26565
- EPSS 0.18%
- Veröffentlicht 26.02.2021 22:15:20
- Zuletzt bearbeitet 14.01.2025 19:29:55
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.